Disaster Recovery Plan Template Business Continuity

Disaster planning, emergency preparedness, or business continuity (and experts note that there are differences) -  the goals are ultimately the same:  to get an organization back up and running in the event of an interruption.  The problem causing the interruption could be one computer crashing or an entire network crashing.  Or it could be an electrical outage or the result of a terrorist activity.  The goal is to have some contingency plans in the event of a problem.  A disaster recovery plan exists to preserve the organization so that it can continue to offer its services. 

A disaster recovery plan is a users' guide - the documentation - for how to preserve an organization.  In order for a plan to be useful, it must be created before an interruption occurs.  Business continuity is disaster recovery.  Lost revenue is a driving force in business continuity.  The reason to do a recovery plan is essentially to keep the funding coming in and the services going, and the clients being served.

• Emergency planning are those procedures and steps done immediately after an interruption to business.
• Disaster recovery are the steps taken to restore some functions so that some level of services can be offered.
• Business continuity is restoration planning, completing the full circle to get your organization back to where it was before an interruption.

In order to write your plan, you have to do some planning. This planning is the process that will get you to the step where you then commit your plan to paper - you can’t write a plan until you do the preparation.  The most difficult thing is getting started; the second most difficult task is keeping the plan current.

The Difference Between Disaster Recovery Planning and Business Continuity Planning Defined

Disaster Recovery Planning (DRP) is the process by which you resume business after a disruptive event.  This typically means that you can get the enterprise computers, networks, and data base operational. The event might be something huge-like an earthquake or the terrorist attacks on the World Trade Center-or something small, like malfunctioning software caused by a computer virus.

Given the human tendency to look on the bright side, many business executives are prone to ignoring "disaster recovery" because disaster seems an unlikely event. However Janco has found that over one third of all enterprises have had to activate their Disaster Plans in the last few years.

Business Continuity Planning (BCP) suggests a more comprehensive approach to making sure you can keep the enterprise going and meet it business objectives. This goes beyond the enterprise computers, networks and data bases.  However, the two terms are married under the acronym DR/BC or DRP/BCP. At any rate, Disaster Recovery Planning and/or Business Continuity Planning facilitate how a company will keep functioning after a disruptive event until its normal facilities are restored. 

Disaster Recovery Business Continuity Scope

Recognizing the scope of the requirements, Janco suggests that you purchase the Disaster Recovery Business Continuity Template  and the do the following:

• Conduct a business impact assessment. This involved a crossfunctional team to evaluate the business requirements and tier data based on the importance to our business operations.
• Protect data and applications. It was important to back up data frequently to ensure records are kept, so we needed to upgrade
  our backup equipment to a faster version to reduce the time it took to complete a backup cycle.
• Review power and connectivity options. We needed to add uninterrupted power supplies (UPS) and connectivity for critical servers, network connections and selected personal computers to keep the most essential applications running in case of a power outage.
• Document, test and update the disaster preparedness plan. Part of the Janco Disaster Recovery and Business Continuity Template plan needs you to include updated configuration diagrams of the hardware, software and network components to be used in the recovery. The plan also needed to include logistical details, such as travel to backup sites and spending authorization for emergency needs.
• Consider telecommunications alternatives. Often taken for granted, telecommunications backup involving redundancy and alternatives needed to be in place - and in the case of spot outages, redundancy may be enough. For larger outages, alternative communications vehicles, including wireless phones, wireless data cards and satellite phones, had to be considered.

Testing is Critical to Disaster Recovery Planning

Importance of testing is critical to the disaster recovery and business continuity planning.

All good disaster recovery and contingency plans start with having a good solid backup of data. Although systems and applications can be reinstalled and reconfigured, data cannot be rebuilt out of thin air. The key to having a good backup is to make sure the data is correct and can be successfully restored. This is not always as easy as it seems. One company had such an issue. Their backup administrator did not correctly follow procedures and when he thought he was doing a backup, he actually was not writing anything. When they tried to restore a database, they found out all the tapes were blank.

Cost of Disaster Recovery Backup Is High For Many Enterprises

Pandemic Alert Level 5 Requires DRP/BCP Plans be Activated

The World Health Organization has raised the pandemic alert over the spread of swine flu to phase 5.

WHO says that based on assessment of all available information and following several expert consultations raised the current level of influenza pandemic alert from phase 4 to 5.

While making the annoucement, WHO stated that all countries should immediately activate their pandemic preparedness plans. At this stage, effective and essential measures include heightened surveillance, early detection and treatment of cases, and infection control in all health facilities.

Disaster Planning for a Pandemic

In disaster planning when a pandemic occurs the data center exists but people are in separate locations. The Disaster Planning and Business Continuity Planning processes need to make the user and business operating experience as similar as possible so that the work environment is the same in the remote site (often home) as in the office. A key requirement is to increase remote access capabilities in addition before the pandemic occurs the following planning needs to take place:

• Define necessary staff levels for critical business processes
• Identify who can work remotely and who has to be in the office
• Validation of vaccinations for key staff members
• Identify the lights out processing issues for computer operations staff
• Identify the network and remote access capacity requirements - what percent of workers do you need to be on the system for the enterprise to continue to operate
• Train and test of users and IT staffs in how to operate from remote locations Require key employees to work from remote site at least once a month
• Validate broadband capacity to remote sites (home users)
• Have copies of disaster plan available in remote site
• Put in place process for the synchronization of OS system patches and VPN updates - if the workstations are not used frequently disable the auto update features for security updates but maintain a process to see that they workstations are up-to-date.
• Define specific requirements for security and PCI-DSS when the disaster plan is activated for a pandemic.
• Define change management and version control processes to be used and how they will be controlled during the pandemic.

How to get started with a Disaster Planning process

Getting started with a disaster recovery / business continuity plan may seem daunting, but is not. The process starts by addressing the needs of the business - not the IT department.

• Access the enterprise's operating environment - Identify critical business functions and then determine which systems, applications and data must be available to keep each function running smoothly.
• Conduct an IT business impact analysis - Develop a hierarchy of business functions and processes based on their importance to operations. You will most likely find that, although some systems need to be up and running as soon as possible after a disaster, other systems can wait.
• Establish a team with enterprise wide management experience and responsibility -  Gather representatives from across the business, from IT to human resources and facilities management. Each member should contribute to both the development of the disaster recovery plan and its execution. Be sure to define their responsibilities and the reporting hierarchy in the event of a disaster and to equip them with mobile technology, so they can make decisions spontaneously.
• Develop budgets and funding sources - A disaster recovery plan is only as effective as the resources that are committed to it. Once you have determined what it will require to support your business recovery objectives, you need to identify the tools and procedures needed to meet them. Be specific about the cost of these mechanisms, as well as the financial risk of disaster, so you can build a realistic business case.
• Define specific responsibilities and tasks - Spell out tasks, responsibilities and roles - not only to revive systems, but also to provide access to users and enable operations to continue even under compromised circumstances.
• Re-evaluate what has been created and keep it up to date - Test it, reexamine it and update it regularly - once a year, twice a year or even quarterly. Also, remember that there are continuing advancements in disaster recovery technology. Keep revisiting your options to take advantage of faster, more-cost-effective solutions.

Google Designs its Servers With DRP and BCP in Mind

Most companies buy servers from the likes of Dell, Hewlett-Packard, IBM, or Sun Microsystems. But Google, which has hundreds of thousands of servers and considers running them part of its core expertise, designs and builds its own. Google has designed its own servers and each server has its own 12-volt battery to supply power if there's a problem with the main source of electricity. Since 2005 Google's data centers have been composed of standard shipping containers--each with 1,160 servers and a power consumption that can reach 250 kilowatts.